Login

Bussyman · 10.08.2017, 16:31

Hi,

https://sampforum.blast.hk/showthread.php?tid=197755

SendMail function if player can write email, i need to escape before sendmail i can use, or this not need only for mysql funtions?

Misiur · 10.08.2017, 16:35

You might want to protect yourself against HTML injection (if you don't want to allow users to write mails with html in them), but no, escaping (%e) is specifically for protection against SQL injection

X337 · 10.08.2017, 16:35

You don't need to escape anything unless you're going to use some email's informations inputted by users into SQL queries.

Edit: Misiur answer's faster and better

Bussyman · 10.08.2017, 16:37

Code:

stock IsCorrectMail(mail[])
{
	new len = strlen(mail), bool:find[2], w;
 	if(!(6 < len < 129)) return false;
  	for(new l; l < len; l++)
  	{
   		if(mail[l] == '.') find[0] = true;
     	if(mail[l] == '@')
      	{
       		if(find[1]) return false;
         	find[1] = true;
          	w = l;
           	if(w > 64) return false;
       	}
        if(!(mail[l] >= 'A' && mail[l] <= 'Z' || mail[l] >= 'a' && mail[l] <= 'z' || mail[l] >= '0' && mail[l] <= '9' || mail[l] == '.' || mail[l] == '-' || mail[l] == '_' || mail[l] == '@')) return false;
   	}
    if(len - w > 65) return false;
    if(!find[0] || !find[1]) return false;
    return true;
}

So i with this check email player input, so this protect that player not write mails with html?

Login
Username:
Password:	Lost Password?
	Remember me